Wireshark mailing list archives
dumpcap and bpf assembler
From: Richard Stearn <richard () rns-stearn demon co uk>
Date: Tue, 26 May 2015 21:21:52 +0100
Is there a way of handing dumpcap a BPF assembler file rather than a
libpcap expression?
I have RTFM'd, googled and not found an answer.
Of course my reading ability and googlefu could be well broken :-)
Why, because I wish to filter on the protocol the network interface
currently believes the packet to be (skb->protocol), rather than what
the interface says it is and I have not found a libpcap expression that
achieves that.
--
Regards
Richard
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- dumpcap and bpf assembler Richard Stearn (May 26)
- Re: dumpcap and bpf assembler Sake Blok (May 27)
- Re: dumpcap and bpf assembler Richard Stearn (May 27)
- Re: dumpcap and bpf assembler Sake Blok (May 27)
- Re: dumpcap and bpf assembler Richard Stearn (May 28)
- Re: dumpcap and bpf assembler Guy Harris (May 28)
- Re: dumpcap and bpf assembler Sake Blok (May 29)
- Re: dumpcap and bpf assembler Richard Stearn (May 27)
- Re: dumpcap and bpf assembler Sake Blok (May 27)